Low severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026
CVE-2002-2006
CVE-2002-2006
Description
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcatMaven | >= 4.0.0, < 4.1.0 | 4.1.0 |
org.apache.tomcat:tomcatMaven | >= 3.0, < 3.3a | 3.3a |
Affected products
15cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
19- archives.neohapsis.com/archives/bugtraq/2002-04/0311.htmlnvdExploit
- www.securityfocus.com/bid/4575nvdExploit
- github.com/advisories/GHSA-8g4f-fh7f-4fwhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2002-2006ghsaADVISORY
- sunsolve.sun.com/search/document.donvdWEB
- tomcat.apache.org/security-4.htmlnvdWEB
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3EghsaWEB
- web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.htmlghsaWEB
- web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575ghsaWEB
- web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.phpghsaWEB
- secunia.com/advisories/30899nvd
- secunia.com/advisories/30908nvd
- www.iss.net/security_center/static/8932.phpnvd
- www.vupen.com/english/advisories/2008/1979/referencesnvd
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Envd
News mentions
0No linked articles in our index yet.